diff --git a/kubernetes/istio/istio-gateway-tls.yaml b/kubernetes/istio/istio-gateway-tls.yaml index 57b6ca5..b34e495 100644 --- a/kubernetes/istio/istio-gateway-tls.yaml +++ b/kubernetes/istio/istio-gateway-tls.yaml @@ -10,17 +10,17 @@ spec: - hosts: - ${WILDCARD_HOSTNAME} port: - name: http - number: 80 - protocol: HTTP + name: http2 + number: 8080 + protocol: HTTP2 tls: httpsRedirect: true - hosts: - ${WILDCARD_HOSTNAME} port: name: https - number: 443 - protocol: HTTPS + number: 8443 + protocol: HTTP2 tls: credentialName: tls-openg2p-ingress mode: SIMPLE diff --git a/kubernetes/istio/istio-gateway.yaml b/kubernetes/istio/istio-gateway.yaml index 5afcae7..8eda343 100644 --- a/kubernetes/istio/istio-gateway.yaml +++ b/kubernetes/istio/istio-gateway.yaml @@ -10,17 +10,17 @@ spec: - hosts: - ${WILDCARD_HOSTNAME} port: - name: http-redirect-https - number: 81 - protocol: HTTP + name: http2-redirect-https + number: 8081 + protocol: HTTP2 tls: httpsRedirect: true - hosts: - ${WILDCARD_HOSTNAME} port: - name: http - number: 80 - protocol: HTTP + name: http2 + number: 8080 + protocol: HTTP2 --- apiVersion: networking.istio.io/v1beta1 kind: Gateway @@ -34,14 +34,14 @@ spec: - hosts: - ${WILDCARD_HOSTNAME} port: - name: http-redirect-https - number: 81 - protocol: HTTP + name: http2-redirect-https + number: 8081 + protocol: HTTP2 tls: httpsRedirect: true - hosts: - ${WILDCARD_HOSTNAME} port: - name: http - number: 80 - protocol: HTTP + name: http2 + number: 8080 + protocol: HTTP2 diff --git a/kubernetes/istio/istio-operator-no-external-lb.yaml b/kubernetes/istio/istio-operator-no-external-lb.yaml index c4e2420..3deab92 100644 --- a/kubernetes/istio/istio-operator-no-external-lb.yaml +++ b/kubernetes/istio/istio-operator-no-external-lb.yaml @@ -20,6 +20,8 @@ spec: enabled: true label: istio: ingressgateway + istio-rancher: ingressgateway + istio-keycloak: ingressgateway k8s: nodeSelector: shouldInstallIstioIngress: "true" @@ -45,16 +47,13 @@ spec: service: type: ClusterIP ports: - - port: 15021 - name: status-port - targetPort: 15021 - protocol: TCP - - port: 443 - targetPort: 8443 - name: https - - port: 80 + - name: tcp-status-port + port: 15021 + - name: http2 + port: 80 targetPort: 8080 - name: http2 - - port: 5432 - targetPort: 5432 - name: tcp-postgres + - name: https + port: 443 + targetPort: 8443 + - name: tcp-postgres + port: 5432 diff --git a/kubernetes/istio/istio-operator-no-ingress.yaml b/kubernetes/istio/istio-operator-no-ingress.yaml new file mode 100644 index 0000000..fd1be4e --- /dev/null +++ b/kubernetes/istio/istio-operator-no-ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +metadata: + namespace: istio-system + name: primary +spec: + profile: default + meshConfig: + accessLogFile: /dev/stdout + enableTracing: true + pathNormalization: + normalization: MERGE_SLASHES + defaultConfig: + proxyMetadata: + ISTIO_META_IDLE_TIMEOUT: 0s + holdApplicationUntilProxyStarts: true + components: + ingressGateways: + - name: istio-ingressgateway + enabled: false diff --git a/kubernetes/istio/istio-operator.yaml b/kubernetes/istio/istio-operator.yaml index 6f5f309..1d5e175 100644 --- a/kubernetes/istio/istio-operator.yaml +++ b/kubernetes/istio/istio-operator.yaml @@ -30,20 +30,18 @@ spec: ports: - name: tcp-status-port port: 15021 - targetPort: 15021 nodePort: 30521 - name: http2 port: 80 targetPort: 8080 nodePort: 30080 - - name: tcp-postgres - port: 5432 - targetPort: 5432 - nodePort: 30432 - - name: http-redirect-https + - name: http2-redirect-https port: 81 targetPort: 8081 nodePort: 30081 + - name: tcp-postgres + port: 5432 + nodePort: 30432 - name: istio-ingressgateway-public enabled: false label: @@ -58,17 +56,12 @@ spec: ports: - name: tcp-status-port port: 15021 - targetPort: 15021 nodePort: 31521 - name: http2 port: 80 targetPort: 8080 nodePort: 31080 - - name: tcp-postgres - port: 5432 - targetPort: 5432 - nodePort: 31432 - - name: http-redirect-https + - name: http2-redirect-https port: 81 targetPort: 8081 nodePort: 31081 diff --git a/kubernetes/keycloak/README.md b/kubernetes/keycloak/README.md index 869bc3f..e84bd32 100644 --- a/kubernetes/keycloak/README.md +++ b/kubernetes/keycloak/README.md @@ -1,3 +1,11 @@ ## Keycloak -- Refer to [Keycloak deployment instructions](https://docs.openg2p.org/deployment/external-components-setup/keycloak-deployment) +This directory contains instructions to install Keycloak. +This Keycloak is only one per Organization (which is now suggested to be installed as part of [Rancher](../rancher)). + +This is NOT to be installed on OpenG2P cluster (except when in box mode). + +The client creation and Keycloak init scripts have been removed in favor of the above. +And relevant keycloak related instructions have been added wherever required. + +The older scripts & instructions can be found at this [link](https://github.com/OpenG2P/openg2p-deployment/tree/f2dfa3673ce272a552eafff1496faed68f0575ab/kubernetes/keycloak). diff --git a/kubernetes/keycloak/copy_secrets.sh b/kubernetes/keycloak/copy_secrets.sh deleted file mode 100755 index 8d1841b..0000000 --- a/kubernetes/keycloak/copy_secrets.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -# Copy secrets from other namespaces -# DST_NS: Destination namespace - -COPY_UTIL=../utils/copy_cm_func.sh -DST_NS=keycloak -$COPY_UTIL secret postgres-postgresql postgres $DST_NS - diff --git a/kubernetes/keycloak/install.sh b/kubernetes/keycloak/install.sh index b007330..978809c 100755 --- a/kubernetes/keycloak/install.sh +++ b/kubernetes/keycloak/install.sh @@ -1,53 +1,21 @@ #!/usr/bin/env bash -export SANDBOX_HOSTNAME=${SANDBOX_HOSTNAME:-openg2p.sandbox.net} -export KEYCLOAK_HOSTNAME=${KEYCLOAK_HOSTNAME:-keycloak.$SANDBOX_HOSTNAME} -export KEYCLOAK_REALM_NAME=${KEYCLOAK_REALM_NAME:-openg2p} +export KEYCLOAK_HOSTNAME=${KEYCLOAK_HOSTNAME:-keycloak.openg2p.net} +export KEYCLOAK_ISTIO_OPERATOR=${KEYCLOAK_ISTIO_OPERATOR:-true} +export TLS=${TLS:-false} +export NS=${NS:-keycloak-system} -. ../utils/keycloak.sh - -NS=keycloak - -echo Create $NS namespace kubectl create ns $NS -./copy_secrets.sh - -# previous version used 14.2.0. -helm -n $NS install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak --version 18.0.0 -f values.yaml --wait $@ - -kubectl -n $NS create cm keycloak-host \ - --from-literal=keycloak-internal-host=keycloak.$NS \ - --from-literal=keycloak-internal-url=http://keycloak.$NS \ - --from-literal=keycloak-external-host=$KEYCLOAK_HOSTNAME \ - --from-literal=keycloak-external-url=https://$KEYCLOAK_HOSTNAME +helm -n $NS upgrade --install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak \ + -f values-keycloak.yaml -if [ "$KEYCLOAK_ISTIO_ENABLED" != "false" ]; then - envsubst < istio-virtualservice.template.yaml | kubectl apply -n $NS -f - +if [[ "$KEYCLOAK_ISTIO_OPERATOR" == "true" ]]; then + kubectl apply -f istio-operator.yaml fi -if [ "$KEYCLOAK_INIT_ENABLED" != "false" ]; then - helm -n $NS install keycloak-init ./keycloak-init --wait $@ - - export OPENG2P_ADMIN_CLIENT_SECRET=$(kubectl -n $NS get secret keycloak-client-secrets -o jsonpath={.data.openg2p_admin_client_secret} | base64 --decode) - export OPENG2P_SELFSERVICE_CLIENT_SECRET=$(kubectl -n $NS get secret keycloak-client-secrets -o jsonpath={.data.openg2p_selfservice_client_secret} | base64 --decode) - export OPENG2P_SERVICEPROVIDER_CLIENT_SECRET=$(kubectl -n $NS get secret keycloak-client-secrets -o jsonpath={.data.openg2p_serviceprovider_client_secret} | base64 --decode) - export OPENG2P_MINIO_CLIENT_SECRET=$(kubectl -n $NS get secret keycloak-client-secrets -o jsonpath={.data.openg2p_minio_client_secret} | base64 --decode) - export OPENG2P_KAFKA_CLIENT_SECRET=$(kubectl -n $NS get secret keycloak-client-secrets -o jsonpath={.data.openg2p_kafka_client_secret} | base64 --decode) - export OPENG2P_OPENSEARCH_CLIENT_SECRET=$(kubectl -n $NS get secret keycloak-client-secrets -o jsonpath={.data.openg2p_opensearch_client_secret} | base64 --decode) - export OPENG2P_SUPERSET_CLIENT_SECRET=$(kubectl -n $NS get secret keycloak-client-secrets -o jsonpath={.data.openg2p_superset_client_secret} | base64 --decode) - - envsubst \ - '${KEYCLOAK_HOSTNAME} - ${OPENG2P_ADMIN_CLIENT_SECRET} - ${OPENG2P_SELFSERVICE_CLIENT_SECRET} - ${OPENG2P_SERVICEPROVIDER_CLIENT_SECRET} - ${OPENG2P_MINIO_CLIENT_SECRET} - ${OPENG2P_KAFKA_CLIENT_SECRET} - ${OPENG2P_OPENSEARCH_CLIENT_SECRET} - ${OPENG2P_SUPERSET_CLIENT_SECRET}' < ${KEYCLOAK_REALM_NAME}-realm.json > /tmp/${KEYCLOAK_REALM_NAME}-realm.json - - keycloak_import_realm \ - "$(keycloak_get_admin_token)" \ - "/tmp/${KEYCLOAK_REALM_NAME}-realm.json" +if [[ "$TLS" == "true" ]]; then + envsubst < istio-virtualservice-tls.template.yaml | kubectl -n $NS apply -f - +else + envsubst < istio-virtualservice.template.yaml | kubectl -n $NS apply -f - fi diff --git a/kubernetes/keycloak/istio-operator.yaml b/kubernetes/keycloak/istio-operator.yaml new file mode 100644 index 0000000..a0c37ba --- /dev/null +++ b/kubernetes/keycloak/istio-operator.yaml @@ -0,0 +1,46 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +metadata: + namespace: istio-system + name: keycloak +spec: + profile: default + meshConfig: + accessLogFile: /dev/stdout + enableTracing: true + pathNormalization: + normalization: MERGE_SLASHES + defaultConfig: + proxyMetadata: + ISTIO_META_IDLE_TIMEOUT: 0s + holdApplicationUntilProxyStarts: true + components: + base: + enabled: false + ingressGateways: + - name: istio-ingressgateway + enabled: false + - name: istio-ingressgateway-keycloak + enabled: true + label: + istio: ingressgateway-keycloak + istio-keycloak: ingressgateway + k8s: + hpaSpec: + minReplicas: 2 + nodeSelector: + shouldInstallIstioIngress: "true" + service: + type: NodePort + ports: + - name: tcp-status-port + port: 15021 + nodePort: 31521 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 31080 + - name: http2-redirect-https + port: 81 + targetPort: 8081 + nodePort: 31081 diff --git a/kubernetes/keycloak/istio-virtualservice-tls.template.yaml b/kubernetes/keycloak/istio-virtualservice-tls.template.yaml new file mode 100644 index 0000000..10fe9bb --- /dev/null +++ b/kubernetes/keycloak/istio-virtualservice-tls.template.yaml @@ -0,0 +1,45 @@ +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: keycloak +spec: + selector: + istio-keycloak: ingressgateway + servers: + - hosts: + - ${KEYCLOAK_HOSTNAME} + port: + name: http2 + number: 8080 + protocol: HTTP2 + tls: + httpsRedirect: true + - hosts: + - ${KEYCLOAK_HOSTNAME} + port: + name: https + number: 8443 + protocol: HTTPS + tls: + credentialName: tls-keycloak-ingress + mode: SIMPLE +--- +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: keycloak +spec: + gateways: + - keycloak + hosts: + - ${KEYCLOAK_HOSTNAME} + http: + - route: + - destination: + host: keycloak + port: + number: 80 + headers: + request: + set: + x-forwarded-proto: https diff --git a/kubernetes/keycloak/istio-virtualservice.template.yaml b/kubernetes/keycloak/istio-virtualservice.template.yaml index 3c8fc55..be39e6a 100644 --- a/kubernetes/keycloak/istio-virtualservice.template.yaml +++ b/kubernetes/keycloak/istio-virtualservice.template.yaml @@ -1,19 +1,42 @@ apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: keycloak +spec: + selector: + istio-keycloak: ingressgateway + servers: + - hosts: + - ${KEYCLOAK_HOSTNAME} + port: + name: http2-redirect-https + number: 8081 + protocol: HTTP2 + tls: + httpsRedirect: true + - hosts: + - ${KEYCLOAK_HOSTNAME} + port: + name: http2 + number: 8080 + protocol: HTTP2 +--- +apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: keycloak spec: gateways: - - istio-system/all-hosts + - keycloak hosts: - - ${KEYCLOAK_HOSTNAME} + - ${KEYCLOAK_HOSTNAME} http: - - route: - - destination: - host: keycloak - port: - number: 80 - headers: - request: - set: - x-forwarded-proto: https + - route: + - destination: + host: keycloak + port: + number: 80 + headers: + request: + set: + x-forwarded-proto: https diff --git a/kubernetes/keycloak/keycloak-init/Chart.yaml b/kubernetes/keycloak/keycloak-init/Chart.yaml deleted file mode 100644 index 7b31d8d..0000000 --- a/kubernetes/keycloak/keycloak-init/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v2 -name: keycloak-init -description: A Helm chart to initialize Keycloak Client secrets -type: application -version: 0.1.0 diff --git a/kubernetes/keycloak/keycloak-init/templates/client-secrets.yaml b/kubernetes/keycloak/keycloak-init/templates/client-secrets.yaml deleted file mode 100644 index 3d40249..0000000 --- a/kubernetes/keycloak/keycloak-init/templates/client-secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: keycloak-client-secrets -type: Opaque -data: - {{- range $index, $client := .Values.clientSecrets }} - {{- if $client.secret }} - {{ $client.name }}: {{ $client.secret | b64enc | quote }} - {{- else }} - {{ $client.name }}: {{ randAlphaNum 16 | b64enc | quote }} - {{- end }} - {{- end }} diff --git a/kubernetes/keycloak/keycloak-init/values.yaml b/kubernetes/keycloak/keycloak-init/values.yaml deleted file mode 100644 index f0c68fb..0000000 --- a/kubernetes/keycloak/keycloak-init/values.yaml +++ /dev/null @@ -1,69 +0,0 @@ -clientSecrets: - - name: openg2p_admin_client_secret - secret: "" - - name: openg2p_selfservice_client_secret - secret: "" - - name: openg2p_serviceprovider_client_secret - secret: "" - - name: openg2p_minio_client_secret - secret: "" - - name: openg2p_kafka_client_secret - secret: "" - - name: openg2p_opensearch_client_secret - secret: "" - - name: openg2p_superset_client_secret - secret: "" - - name: mosip_abis_client_secret - secret: "" - - name: mosip_admin_client_secret - secret: "" - - name: mosip_admin_services_client_secret - secret: "" - - name: mosip_auth_client_secret - secret: "" - - name: mosip_crereq_client_secret - secret: "" - - name: mosip_creser_client_secret - secret: "" - - name: mosip_datsha_client_secret - secret: "" - - name: mosip_ida_client_secret - secret: "" - - name: mosip_misp_client_secret - secret: "" - - name: mosip_pms_client_secret - secret: "" - - name: mosip_policymanager_client_secret - secret: "" - - name: mosip_reg_client_secret - secret: "" - - name: mosip_regproc_client_secret - secret: "" - - name: mosip_resident_client_secret - secret: "" - - name: mosip_prereg_client_secret - secret: "" - - name: mosip_creser_idpass_client_secret - secret: "" - - name: mosip_syncdata_client_secret - secret: "" - - name: mosip_deployment_client_secret - secret: "" - - name: mpartner_default_auth_secret - secret: "" - - name: mosip_idrepo_client_secret - secret: "" - - name: mpartner_default_print_secret - secret: "" - - name: mosip_hotlist_client_secret - secret: "" - - name: mpartner_default_mobile_secret - secret: "" - - name: mosip_digitalcard_client_secret - secret: "" - - name: mpartner_default_digitalcard_secret - secret: "" - - name: mosip_testrig_client_secret - secret: "" - - name: mpartner_default_opencrvs_secret - secret: "" diff --git a/kubernetes/keycloak/openg2p-realm.json b/kubernetes/keycloak/openg2p-realm.json deleted file mode 100644 index 1cf053d..0000000 --- a/kubernetes/keycloak/openg2p-realm.json +++ /dev/null @@ -1,5026 +0,0 @@ -{ - "id": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "realm": "openg2p", - "displayName": "OpenG2P", - "displayNameHtml": "", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": true, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "name": "default-roles-openg2p", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "CENTRAL_ADMIN", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "GLOBAL_ADMIN", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PARTNER_ADMIN", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PMS_ADMIN", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "ZONAL_ADMIN", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PARTNERMANAGER", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_OIDC_CLIENT_CREATED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_OIDC_CLIENT_UPDATED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_APIKEY_APPROVED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_APIKEY_UPDATED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_MISP_LICENSE_GENERATED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_MISP_LICENSE_UPDATED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_PARTNER_UPDATED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "PUBLISH_POLICY_UPDATED_GENERAL", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "minio_consoleAdmin", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "superset_Admin", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - }, - { - "name": "superset_Public", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "921b6b0f-42b5-476a-a161-2f4af3666e6a", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "69ba7d54-1d77-418e-a631-6d699307dc7a", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "b5bd2594-d5a0-43a8-beac-085a7271dd14", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "ec922d3a-5623-46a5-a67c-63a2e43a824b", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "60fb7293-3463-4218-9126-8cf306842cbf", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "22c8464d-9811-4529-af51-7d4fe0004952", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "b8c963b3-7631-42c7-bb53-aad03afc8f48", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "892c5259-5d65-44da-ac6d-818150e437da", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "7e3c3a1e-c8ac-4ccc-af9e-238f732eff74", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "5d760094-1be6-4780-b473-fc074d44fd94", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "fb474e06-4e63-4a5d-a28d-62d715c0dae2", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "c6673973-3c18-4c8c-ae99-3b3caeafa2cc", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "64e3c2ea-1c9e-47c7-98ba-60a85b67b6dd", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "e1e33c87-cc66-44a7-813a-5a034f2bdbf9", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "1161dbd4-9dec-455d-9231-6b97cb9f3c6c", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "567d304a-16a7-4b02-99fb-d8fea9c90102", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-realms", - "manage-users", - "manage-events", - "impersonation", - "manage-realm", - "create-client", - "view-events", - "view-users", - "view-authorization", - "query-clients", - "manage-identity-providers", - "view-identity-providers", - "query-groups", - "manage-clients", - "query-users", - "view-clients", - "manage-authorization", - "view-realm" - ] - } - }, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "a57ad8a9-d741-4721-961e-f908f18ea196", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "14a53f15-3942-445d-9ed1-e46af241e425", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - }, - { - "id": "802bd9ba-e622-4009-a7ad-9d6f9d686470", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": "243f877f-8adb-4b17-b91c-97d90c0bc6f6", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "f927effe-f015-43fe-8c7b-307ee4b2ffb2", - "attributes": {} - } - ], - "account": [ - { - "id": "44cd7acb-c967-4ae9-8fbd-a5e9b916e975", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - }, - { - "id": "a0e2e0d0-29cb-447e-aa91-e86786901136", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - }, - { - "id": "4fbe54f8-8d1e-45ce-a4a9-5b1a2acb7ac7", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - }, - { - "id": "f514ec8a-8313-481e-a92c-9a826fe7ba28", - "name": "view-groups", - "description": "${role_view-groups}", - "composite": false, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - }, - { - "id": "6de2043b-b25f-4248-bda5-ef8f558f4d01", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - }, - { - "id": "b8118a68-c165-4cfd-8536-02adae2f46f6", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - }, - { - "id": "6bff28e9-ef41-42ad-8156-8def8e07d239", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - }, - { - "id": "b89f3717-c79a-4f47-ba65-d053b8450fed", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "attributes": {} - } - ], - "openg2p-opensearch-client": [ - { - "name": "admin", - "composite": false, - "clientRole": true, - "containerId": "be449dec-3675-4a0b-8b6e-a32d3715f079", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRole": { - "id": "49cee445-d0f7-469f-8bd5-cfd9356f686e", - "name": "default-roles-openg2p", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "6fda1fc8-16cb-4be1-9375-eb47e0fe4fc4" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppFreeOTPName", - "totpAppMicrosoftAuthenticatorName", - "totpAppGoogleName" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "users": [ - { - "id": "1cea9fbf-cbc0-46a7-984f-663d63e91aa2", - "createdTimestamp": 1704319095485, - "username": "service-account-openg2p-admin-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "openg2p-admin-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-openg2p", - "GLOBAL_ADMIN", - "PARTNER_ADMIN", - "PMS_ADMIN", - "PARTNERMANAGER", - "SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL", - "PUBLISH_OIDC_CLIENT_CREATED_GENERAL", - "PUBLISH_OIDC_CLIENT_UPDATED_GENERAL", - "PUBLISH_APIKEY_APPROVED_GENERAL", - "PUBLISH_APIKEY_UPDATED_GENERAL", - "PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL", - "PUBLISH_MISP_LICENSE_GENERATED_GENERAL", - "PUBLISH_MISP_LICENSE_UPDATED_GENERAL", - "PUBLISH_PARTNER_UPDATED_GENERAL", - "PUBLISH_POLICY_UPDATED_GENERAL" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "4c6fa66f-6b8e-424f-9df0-845d08d7a806", - "createdTimestamp": 1699248524251, - "username": "service-account-openg2p-selfservice-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "openg2p-selfservice-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-openg2p" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "8715a291-9072-4d67-bff3-3ee2138cda06", - "createdTimestamp": 1699248524251, - "username": "service-account-openg2p-serviceprovider-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "openg2p-serviceprovider-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-openg2p" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "49d0a689-11a6-4271-b8d8-778b3e90e920", - "createdTimestamp": 1699248524251, - "username": "service-account-openg2p-minio-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "openg2p-minio-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-openg2p" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "d45dbcc3-db63-4222-b099-cbf985f07688", - "createdTimestamp": 1699248524251, - "username": "service-account-openg2p-kafka-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "openg2p-kafka-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-openg2p" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "be449dec-3675-4a0b-8b6e-a32d3715f079", - "createdTimestamp": 1699248524251, - "username": "service-account-openg2p-opensearch-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "openg2p-opensearch-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-openg2p" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "be449dec-3675-4a0b-8b6e-a32d3715f801", - "createdTimestamp": 1699248524251, - "username": "service-account-openg2p-superset-client", - "enabled": true, - "totp": false, - "emailVerified": false, - "serviceAccountClientId": "openg2p-superset-client", - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "default-roles-openg2p" - ], - "notBefore": 0, - "groups": [] - } - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] - } - ] - }, - "clients": [ - { - "id": "6b0b1458-dc39-498a-a4c6-a6916ab650ef", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/openg2p/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/openg2p/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b89f5fd9-71e5-408b-93e1-66ef4a6b37d6", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/OpenG2P/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/OpenG2P/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "38ff1ac0-3216-4e23-ab4b-56fbddd885a4", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "8b003117-fcb7-4b3f-953a-34e4282ef10a", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "f927effe-f015-43fe-8c7b-307ee4b2ffb2", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "bcb2eb51-2a89-4d0c-bf1e-e25939ea6554", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "e0db1a98-d65d-4078-b29d-08df4655c782", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/openg2p/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/openg2p/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+", - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "ef96f337-0dfa-4e67-9e1f-00ece9291248", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "eaac1b96-2bdd-4ca4-a035-bf904f690ad5", - "clientId": "openg2p-admin-client", - "name": "OpenG2P Admin", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${OPENG2P_ADMIN_CLIENT_SECRET}", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "client.secret.creation.time": "1704319095", - "backchannel.logout.session.required": "true", - "display.on.consent.screen": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "userinfo.token.claim": "true", - "multivalued": "false", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "openg2p-admin-client", - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - }, - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email", - "update_oidc_client", - "add_oidc_client", - "get_certificate", - "upload_certificate" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b1fda7f1-f1c4-4688-a2de-a2abf6210a54", - "clientId": "openg2p-selfservice-client", - "name": "OpenG2P Self-service", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${OPENG2P_SELFSERVICE_CLIENT_SECRET}", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1699248524", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "userinfo.token.claim": "true", - "multivalued": "false", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "openg2p-selfservice-client", - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - }, - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "clientId": "openg2p-serviceprovider-client", - "name": "OpenG2P Service Provider", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${OPENG2P_SERVICEPROVIDER_CLIENT_SECRET}", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1699248524", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "userinfo.token.claim": "true", - "multivalued": "false", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "openg2p-serviceprovider-client", - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - }, - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "clientId": "openg2p-minio-client", - "name": "OpenG2P Minio", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${OPENG2P_MINIO_CLIENT_SECRET}", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1699248524", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "userinfo.token.claim": "true", - "multivalued": "false", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "openg2p-minio-client", - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - }, - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "name": "Minio Console role remove prefix", - "protocol": "openid-connect", - "protocolMapper": "oidc-role-name-mapper", - "config": { - "role": "minio_consoleAdmin", - "new.role.name": "consoleAdmin" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "clientId": "openg2p-kafka-client", - "name": "OpenG2P Kafka", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${OPENG2P_KAFKA_CLIENT_SECRET}", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1699248524", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "userinfo.token.claim": "true", - "multivalued": "false", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "openg2p-kafka-client", - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - }, - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "clientId": "openg2p-opensearch-client", - "name": "OpenG2P OpenSearch", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${OPENG2P_OPENSEARCH_CLIENT_SECRET}", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1699248524", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "userinfo.token.claim": "true", - "multivalued": "false", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "openg2p-opensearch-client", - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - }, - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String", - "usermodel.clientRoleMapping.clientId": "openg2p-opensearch-client" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "clientId": "openg2p-superset-client", - "name": "OpenG2P Superset", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "${OPENG2P_SUPERSET_CLIENT_SECRET}", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "oauth2.device.authorization.grant.enabled": "false", - "client.secret.creation.time": "1699248524", - "backchannel.logout.session.required": "true", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "aggregate.attrs": "false", - "userinfo.token.claim": "true", - "multivalued": "false", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "Audience", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-mapper", - "consentRequired": false, - "config": { - "included.client.audience": "openg2p-superset-client", - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - }, - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "39a275d7-0694-441c-a114-8ce70862bb88", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "ddac7112-5884-477d-a0d9-7f4979e0ef88", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "01a5a6c3-ce23-40bc-a6d8-aedc1c270db0", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "42dd0379-6bb8-47e1-8e48-859e08561a98", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "b3e667d4-8f5d-4a1d-8f99-023b8e3733f3", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "88612eb8-943d-4cef-8a6f-223da9b4440e", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "caf718e4-4009-40bd-bc64-30a4731a798f", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "06762633-7272-4ea0-9d25-0761eb545df3", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "76c6967d-c0a4-4dab-be79-dfe9b44465ae", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "7ea6f35c-f7b1-463f-ad1c-a3b84d949fc1", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "18282912-371d-4adb-86eb-b6fd3e0d9ecc", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "dde025e7-8ca3-489a-8540-bcb7ab17ee46", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "bcdf12fb-09ef-4ab9-9f54-1a9d13f767d0", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "ffe8f021-2c44-41d6-a963-4b0cf69111ee", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "8126079e-8157-4c2b-a805-315317cb74d0", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "b9b66e61-8984-4346-a800-1e89bbcf5009", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "bb4c155e-45cd-48c1-8f20-7ada61728581", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "04bb09cf-e2db-4eb9-9629-1783d985c721", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "784dbac5-db5b-4124-9c8c-1b1254dd2e1a", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "307ad4e2-4fe6-4fd6-a29c-79c84762f809", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "32917a1e-b550-4378-b644-a4719ffe3ede", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "be6ae9dc-9ffe-4da1-b413-f1fa057c6ac4", - "name": "acr loa level", - "protocol": "openid-connect", - "protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - } - ] - }, - { - "id": "54a2e3cf-a2d5-4203-8e18-0594bbacc203", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "998d7151-2d80-4ab9-bf3e-3c111b8e6370", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "009cdb89-aca8-49b3-95f4-227557285b19", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "d32c8c33-0105-4c81-9a61-92955cec24cd", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "7268da9b-8f0b-4eb9-9d4d-68c64c2df6dd", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "97a087c2-0264-4fca-bdc2-89a18b342ad1", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "12f73256-191f-486a-9f85-d1830d9ec0ee", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "d5fe3338-4bd1-4134-9be9-6d9d80bcf65b", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "af167d43-a65d-4daa-a937-9b65d9764cbd", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "9a2f3614-52bc-4419-8d80-eff5f53ed427", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long" - } - }, - { - "id": "d40daded-7ea0-48bb-8860-60d7be411a35", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "038eeb2c-24e9-45b0-ab50-dc1cc5cd501c", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "8a576ee5-39ed-4159-8cce-6d5eea649705", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "ee24792c-8814-4ead-857c-971630c5ba08", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "724c8a30-1ca8-45b5-b5e5-495a523ff7cc", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ] - }, - { - "name": "add_oidc_client", - "description": "Scope required to create OIDC client", - "protocol": "openid-connect", - "attributes": { - "display.on.consent.screen": "false", - "include.in.token.scope": "true" - } - }, - { - "name": "update_oidc_client", - "description": "", - "protocol": "openid-connect", - "attributes": { - "display.on.consent.screen": "false", - "include.in.token.scope": "true" - } - }, - { - "name": "get_certificate", - "description": "Scope required to create OIDC client", - "protocol": "openid-connect", - "attributes": { - "display.on.consent.screen": "false", - "include.in.token.scope": "true" - } - }, - { - "name": "upload_certificate", - "description": "", - "protocol": "openid-connect", - "attributes": { - "display.on.consent.screen": "false", - "include.in.token.scope": "true" - } - }, - { - "name": "sending_binding_otp", - "description": "Scope required to create OIDC client", - "protocol": "openid-connect", - "attributes": { - "display.on.consent.screen": "false", - "include.in.token.scope": "true" - } - }, - { - "name": "wallet_binding", - "description": "", - "protocol": "openid-connect", - "attributes": { - "display.on.consent.screen": "false", - "include.in.token.scope": "true" - } - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "16f9dd21-a13a-4e25-8e60-e036fbf88ebf", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "11b70621-b156-4fe2-936b-f302e0c266aa", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "8b8052ff-d9e9-49a0-8c22-3639744fd7af", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-property-mapper", - "saml-role-list-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper" - ] - } - }, - { - "id": "d8a14a4a-dbb6-4db3-91c8-d567130c33de", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "oidc-full-name-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "800120db-e109-46dd-9e4b-aa4752bfe824", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "866c5a29-ff27-441c-a51f-188db9229a27", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "5e2aaba5-ca5b-43f7-b99e-3a59abdd28b6", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "074fd2bb-52ab-4dfc-9d7d-756bf02106be", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "e83889a0-0472-4c88-84b0-9520ed2c4584", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "a960349e-445f-4990-945b-7cd5fc519808", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "9e3f85bf-73c6-4192-ac3c-eb9b2d0b82ef", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "6bcaa037-ecc6-4f8f-8488-0f8dae69a64b", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "4d62c3cb-e1f9-4256-86b4-971d855733c0", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "2da1ee7c-ea40-40f9-bee5-f38f290a1ca5", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "a71f3c0f-62a7-4bd5-a163-9f70b785180c", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "cf147b6f-c262-40b7-a181-0c5a91d01b00", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "ccc083b7-615b-46bd-9f52-22a9eeaaef80", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "b662b836-799f-48a1-99e1-2352d7b9c3fe", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "e86022d6-02c0-443e-878a-45b8dbc3f89d", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "7b35868e-b651-4194-975e-e70338ca436a", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "818fd035-f110-4646-be06-c19d2ae94dcf", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "a4eee3d3-c964-4837-b614-4b6d8074781b", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "5842d520-3859-4513-9a64-24d2825eb4ad", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "a51ea450-3d18-41ca-bb50-2b04403eaacc", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "321c8a44-fb93-41c3-90fe-29a26c3de9c7", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "5cfdfa1a-77e6-4681-b710-c795ffcc14a3", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "24cfa518-1a32-45d4-9b9b-e1cee452c0c1", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "986505fe-9deb-48c2-b2d7-3dea4900de79", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "63bdb132-6dfd-4816-87d0-090318820e7d", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Authentication Options", - "userSetupAllowed": false - } - ] - }, - { - "id": "a4bd6b56-0851-4846-b7ee-77ad70af4d41", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "8f246bbb-2a34-43e6-876a-bab5fd352664", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "1f7613ba-c139-4f9e-954c-216c4080bd7e", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "ff75b06c-1c9c-4936-af70-6b90ee44da30", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "548eede5-c920-41d4-b13f-f841eda3cbc3", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "6d24d3c1-9889-4f3a-b598-ea717fff1bc7", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "webauthn-register", - "name": "Webauthn Register", - "providerId": "webauthn-register", - "enabled": true, - "defaultAction": false, - "priority": 70, - "config": {} - }, - { - "alias": "webauthn-register-passwordless", - "name": "Webauthn Register Passwordless", - "providerId": "webauthn-register-passwordless", - "enabled": true, - "defaultAction": false, - "priority": 80, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DevicePollingInterval": "5", - "clientOfflineSessionMaxLifespan": "0", - "clientSessionIdleTimeout": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false", - "cibaExpiresIn": "120", - "oauth2DeviceCodeLifespan": "600", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "frontendUrl": "https://${KEYCLOAK_HOSTNAME}", - "acr.loa.map": "{}" - }, - "keycloakVersion": "21.0.2", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file diff --git a/kubernetes/rancher/keycloak-values.yaml b/kubernetes/keycloak/values-keycloak.yaml similarity index 74% rename from kubernetes/rancher/keycloak-values.yaml rename to kubernetes/keycloak/values-keycloak.yaml index 9f4753d..11fff2c 100644 --- a/kubernetes/rancher/keycloak-values.yaml +++ b/kubernetes/keycloak/values-keycloak.yaml @@ -5,11 +5,7 @@ auth: adminUser: admin ingress: - enabled: true - extraTls: - - hosts: - - "" - secretName: tls-keycloak-ingress + enabled: false replicaCount: 2 @@ -30,5 +26,5 @@ rbac: - get - list -ingress: - enabled: false +proxy: edge +production: true diff --git a/kubernetes/keycloak/values.yaml b/kubernetes/keycloak/values.yaml deleted file mode 100644 index 9e91e81..0000000 --- a/kubernetes/keycloak/values.yaml +++ /dev/null @@ -1,39 +0,0 @@ -service: - type: ClusterIP - -auth: - adminUser: admin - -ingress: - enabled: false - -replicaCount: 2 - -proxy: edge - -resources: - limits: {} - requests: - cpu: 200m - memory: 1000Mi - -rbac: - create: true - rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - -postgresql: - enabled: false - -externalDatabase: - host: postgres-postgresql.postgres - database: keycloakdb - user: keycloakuser - existingSecret: postgres-postgresql - existingSecretPasswordKey: password diff --git a/kubernetes/rancher/install.sh b/kubernetes/rancher/install.sh index 93ea568..bafd179 100755 --- a/kubernetes/rancher/install.sh +++ b/kubernetes/rancher/install.sh @@ -1,7 +1,8 @@ #!/usr/bin/env bash export RANCHER_HOSTNAME=${RANCHER_HOSTNAME:-rancher.openg2p.net} -export KEYCLOAK_HOSTNAME=${KEYCLOAK_HOSTNAME:-keycloak.openg2p.net} +export RANCHER_ISTIO_OPERATOR=${RANCHER_ISTIO_OPERATOR:-true} +export TLS=${TLS:-false} export NS=${NS:-cattle-system} kubectl create ns $NS @@ -10,9 +11,15 @@ helm repo add rancher-latest https://releases.rancher.com/server-charts/latest helm repo update helm -n $NS upgrade --install rancher rancher-latest/rancher \ - --set ingress.enabled=false --set tls=external + --set ingress.enabled=false \ + --set tls=external -helm -n $NS upgrade --install keycloak oci://registry-1.docker.io/bitnamicharts/keycloak \ - -f keycloak-values.yaml +if [[ "$RANCHER_ISTIO_OPERATOR" == "true" ]]; then + kubectl apply -f istio-operator.yaml +fi -envsubst < istio-virtualservice.template.yaml | kubectl -n $NS apply -f - +if [[ "$TLS" == "true" ]]; then + envsubst < istio-virtualservice-tls.template.yaml | kubectl -n $NS apply -f - +else + envsubst < istio-virtualservice.template.yaml | kubectl -n $NS apply -f - +fi diff --git a/kubernetes/rancher/istio-operator.yaml b/kubernetes/rancher/istio-operator.yaml new file mode 100644 index 0000000..6cb2f6c --- /dev/null +++ b/kubernetes/rancher/istio-operator.yaml @@ -0,0 +1,46 @@ +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +metadata: + namespace: istio-system + name: rancher +spec: + profile: default + meshConfig: + accessLogFile: /dev/stdout + enableTracing: true + pathNormalization: + normalization: MERGE_SLASHES + defaultConfig: + proxyMetadata: + ISTIO_META_IDLE_TIMEOUT: 0s + holdApplicationUntilProxyStarts: true + components: + base: + enabled: false + ingressGateways: + - name: istio-ingressgateway + enabled: false + - name: istio-ingressgateway-rancher + enabled: true + label: + istio: ingressgateway-rancher + istio-rancher: ingressgateway + k8s: + hpaSpec: + minReplicas: 2 + nodeSelector: + shouldInstallIstioIngress: "true" + service: + type: NodePort + ports: + - name: tcp-status-port + port: 15021 + nodePort: 30521 + - name: http2 + port: 80 + targetPort: 8080 + nodePort: 30080 + - name: http2-redirect-https + port: 81 + targetPort: 8081 + nodePort: 30081 diff --git a/kubernetes/rancher/istio-virtualservice-tls.template.yaml b/kubernetes/rancher/istio-virtualservice-tls.template.yaml new file mode 100644 index 0000000..6a182d4 --- /dev/null +++ b/kubernetes/rancher/istio-virtualservice-tls.template.yaml @@ -0,0 +1,45 @@ +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: rancher +spec: + selector: + istio-rancher: ingressgateway + servers: + - hosts: + - ${RANCHER_HOSTNAME} + port: + name: http2 + number: 8080 + protocol: HTTP2 + tls: + httpsRedirect: true + - hosts: + - ${RANCHER_HOSTNAME} + port: + name: https + number: 8443 + protocol: HTTPS + tls: + credentialName: tls-rancher-ingress + mode: SIMPLE +--- +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: rancher +spec: + gateways: + - rancher + hosts: + - ${RANCHER_HOSTNAME} + http: + - route: + - destination: + host: rancher + port: + number: 80 + headers: + request: + set: + x-forwarded-proto: https diff --git a/kubernetes/rancher/istio-virtualservice.template.yaml b/kubernetes/rancher/istio-virtualservice.template.yaml index dd94b96..0785af4 100644 --- a/kubernetes/rancher/istio-virtualservice.template.yaml +++ b/kubernetes/rancher/istio-virtualservice.template.yaml @@ -1,27 +1,25 @@ apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: - name: internal + name: rancher spec: selector: - istio: ingressgateway + istio-rancher: ingressgateway servers: - hosts: - ${RANCHER_HOSTNAME} - - ${KEYCLOAK_HOSTNAME} port: - name: http-redirect-https - number: 81 - protocol: HTTP + name: http2-redirect-https + number: 8081 + protocol: HTTP2 tls: httpsRedirect: true - hosts: - ${RANCHER_HOSTNAME} - - ${KEYCLOAK_HOSTNAME} port: - name: http - number: 80 - protocol: HTTP + name: http2 + number: 8080 + protocol: HTTP2 --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService @@ -29,31 +27,15 @@ metadata: name: rancher spec: gateways: - - internal + - rancher hosts: - ${RANCHER_HOSTNAME} http: - route: - destination: host: rancher - headers: - request: - set: - x-forwarded-proto: https ---- -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: keycloak -spec: - gateways: - - internal - hosts: - - ${KEYCLOAK_HOSTNAME} - http: - - route: - - destination: - host: keycloak + port: + number: 80 headers: request: set: